lazarusholic

APT and financial attacks on industrial organizations in H1 2023

2023-09-25, Kaspersky
https://ics-cert.kaspersky.com/publications/reports/2023/09/25/apt-and-financial-attacks-on-industrial-organizations-in-h1-2023
#Trend

This summary provides an overview of reports of APT and financial attacks on industrial enterprises that were disclosed in H1 2023, as well as related activities of groups that have been observed attacking industrial organizations and critical infrastructure facilities. For each topic, we have sought to summarize the key facts, findings, and conclusions of the researchers that we believe may be of use to professionals addressing the practical issues of cybersecurity for industrial enterprises.
Korean-speaking activity
Lazarus attacks
Kaspersky researchers observed a Lazarus campaign, active until January 2023, leveraging a backdoored UltraVNC client to deliver an updated BLINDINCAN payload. The payload has new features, including the ability to expand its capabilities through plug-ins. Backdooring prominent open-source programs is one of the means that the Lazarus group has been using to deliver its malware. When executed, the compromised application functions normally, but covertly collects victim information and transmits …